Comments (8)
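When I tested, I used acme to request a Let's Encrypt certificate.
In the ~/.acme.sh/example.com/ directory:
ca.cer is the CA, example.com.cer is the domain's certificate, and example.com.key is the private key.
The csr file is the request file created to apply for the certificate; it is generally only needed when applying for the certificate.
If you also requested a PKCS12 certificate, there will also be a .pfx certificate file, which is only needed for importing into some clients.
I'm not sure which files Let's Encrypt gave you; the ones you need to rename are the first three above.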
from one-key-ikev2-vpn.
Hi @quericy
There are several private keys and certs under my_key/, which one should be installed on the mobile device?
from one-key-ikev2-vpn.
@HuKeping If you import the SSL cert, then you don't need to install it on the client. Otherwise, you need to install the ca.cert.pem.
from one-key-ikev2-vpn.
Thank you @quericy! I installed the ca.cert.pem and it can be connected now!
from one-key-ikev2-vpn.
Hi @quericy I got my phone connected to the VPN successfully, but after that it cannot get access to the internet. I checked the log on my VPS with ipsec status, which shows the IP for my phone is 10.31.2.1. I wonder if the xxx.1 address is not a valid one, since it is always reserved for the gateway.
from one-key-ikev2-vpn.
@HuKeping I think you may need to open the ip_forward or check the POSTROUTING iptables rules.
from one-key-ikev2-vpn.
I read someone else's article, http://blog.zorro.im/posts/strongswan-ikev2-for-ios-with-letsencrypt.html
When generating the certificate with certbot, the settings should look like this:
ipsec.conf
leftcert=fullchain.pem
ipsec.secret
: RSA privkey.pem
The copy locations mentioned in the article are (change the domain and paths yourself):
cp /etc/letsencrypt/live/your.domain/fullchain.pem /etc/ipsec.d/certs
cp /etc/letsencrypt/live/your.domain/privkey.pem /etc/ipsec.d/private
from one-key-ikev2-vpn.
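@sunshineplan There's no need to use fullchain, is there? If the intermediate certificate authority is trusted, the complete certificate chain can already be obtained when connecting, so just using the domain's certificate is enough.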
from one-key-ikev2-vpn.
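The copy step from the certbot comment above, as an added example that is not part of the thread or of one-key-ikev2-vpn: a shell function (hypothetical name install_le_cert) that checks each file is the expected kind of PEM before copying it into the ipsec.d layout, and keeps the private key readable by its owner only. The file names and the certs/private subdirectories are the ones quoted in the comment; the permission modes are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). install_le_cert is a hypothetical name.
# Usage: install_le_cert LIVE_DIR IPSEC_DIR
#   LIVE_DIR   e.g. /etc/letsencrypt/live/your.domain
#   IPSEC_DIR  e.g. /etc/ipsec.d
install_le_cert() {
    live=$1
    dest=$2
    cert=$live/fullchain.pem
    key=$live/privkey.pem

    # Check that each file is the kind of PEM its name claims, so a swapped
    # certificate and key are caught before anything is copied.
    [ -r "$cert" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" || {
        echo "not a PEM certificate: $cert" >&2; return 1; }
    [ -r "$key" ] && grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || {
        echo "not a PEM private key: $key" >&2; return 1; }
    # The certs directory is world-readable: no key material may land there.
    if grep -q -e 'PRIVATE KEY-----' "$cert"; then
        echo "certificate file contains a private key: $cert" >&2; return 1
    fi

    mkdir -p "$dest/certs" "$dest/private" || return 1
    chmod 700 "$dest/private" || return 1   # assumed mode: owner only

    # cp follows certbot's live/ symlinks. The umask keeps the key from being
    # readable by others even for the instant before chmod runs.
    (umask 077 && cp "$key" "$dest/private/privkey.pem") || return 1
    chmod 600 "$dest/private/privkey.pem" || return 1
    cp "$cert" "$dest/certs/fullchain.pem" || return 1
    chmod 644 "$dest/certs/fullchain.pem" || return 1

    # The two settings quoted in the comment, printed as a reminder.
    echo "ipsec.conf:    leftcert=fullchain.pem"
    echo "ipsec.secrets: : RSA privkey.pem"
}

# Run directly as: sh install_le_cert.sh LIVE_DIR IPSEC_DIR
if [ "$#" -eq 2 ]; then
    install_le_cert "$1" "$2"
fi
```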